University Students’ Data are at stake

Aug 20, 2018 | Privileged Accounts , Authentication

It is definitely unruly and obnoxious to learn that the cyber crooks are not sparing education sector from their target zone. Few months back, some unethical hackers (suspected to be from Iran) made an alleged spree of malicious attacks on reputed educational institutes (mostly universities) of The United States and abroad. After hair-split investigation, the alleged culprits were charged with online infiltration at a good number of universities along with some private organizations. The department of justice (DOJ) revealed that approximately $3 billion intellectual property was manhandled by the malefactors.

The Crime

The hackers found a unique technique to collect sensitive personal details of the students getting enrolled in the universities. They exploited the vulnerabilities with to the privileged accounts, mainly of the Head of the Departments, Professors, admin officers and other university affiliates. It was also found that more than 8,000 credentials and student information out of 10,000 were compromised during this incident. It has been also found that the hackers worked in a group from multiple locations to breach the data. Investigation officers found that the privileged accounts in the institute network were never monitored by any security software, which aggravated the disaster.

The Solution

This incident became the strongest eye-opener of other institutions and universities who started to give utmost importance to their internal network security systems. Stealing student records is considered to be one of the heinous crimes throughout the world. Universities keep digital records of personal and financial details (students who get stipend) of thousands of students from home and abroad. As a result, a robust access management system, which can monitor each and every activity happening in the account in real-time, can be a respite from unforeseen threats. With a proper access management system in place, the system admin can receive an alert notification if any suspicious behaviour is observed. Also, proper user authentication process can ensure comprehensive security to the institute’s network infrastructure.